This allows us to lint our .gitlab-ci.yml file and other yaml
files in general

In GitLab 13.1.0, we added an S3 client to Workhorse
(https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/466).
Previously this client would only be enabled if AWS instance profiles
(use_iam_profile) were used. We extend this functionality if the
consolidated object storage settings are enabled for AWS.

This will fix ETag Mismatch errors with non-AWS S3 providers and pave
the way for supporting encrypted S3 buckets with customer-provided keys.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/220288

To avoid duplicated code when implementing prometheus api proxy
behavior we need to extrac common logic into dedicated module

Introduces a new `diff` action on the wiki controllers which shows
the diff for the selected file and commit.

- Add `Gitlab::Diff::FileCollection::WikiPage`.
- Override diff helpers in wiki controller.
- Unify wiki views:
  - Always use limited container width.
  - Always add breadcrumbs for wiki page path.
  - Show sidebar in diff view.
  - Align title in diff view with history view.
  - Add helpers for wiki page headers.

This MR automates steps for the cluster reindexing process
Elastic::ClusterReindexingService is the main class responsible for
the reindexing process

This adds a YAML-based definition of feature flags
that are stored in `(ee/)configs/feature-flags/`.

Currently none of feature flag types are required
to have a present YAML definition.

This definition contains information like:

- what MR introduced FF
- helps to create and has a issue that tracks
  the rollout and removal of FF
- intentionally adds `default_enabled` to YAML
- force checks the consistency of `default_enabled`
  between what is in code and what is in YAML

Move get_keys action in profiles/keys_controller to users_controller
with renaming as ssh_keys to get easier to distinguish it from gpg_keys.

Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>

author Rajendra Kadam <rajendrakadam249@gmail.com> 1580653953 +0530
committer Rajendra Kadam <rajendrakadam249@gmail.com> 1586670416 +0530

parent 6c39d8d1
author Rajendra Kadam <rajendrakadam249@gmail.com> 1580653953 +0530
committer Rajendra Kadam <rajendrakadam249@gmail.com> 1586670412 +0530

parent 6c39d8d1
author Rajendra Kadam <rajendrakadam249@gmail.com> 1580653953 +0530
committer Rajendra Kadam <rajendrakadam249@gmail.com> 1586670402 +0530

parent 6c39d8d1
author Rajendra Kadam <rajendrakadam249@gmail.com> 1580653953 +0530
committer Rajendra Kadam <rajendrakadam249@gmail.com> 1586670397 +0530

parent 6c39d8d1
author Rajendra Kadam <rajendrakadam249@gmail.com> 1580653953 +0530
committer Rajendra Kadam <rajendrakadam249@gmail.com> 1586670392 +0530

Add custom emoji schema and model spec

Add custom emoji factory for specs

Add migration file

Add custom emoji model spec

update emoji specs

Fix failures in model

Remove index creation using concurrent algorithm

Change db/schema.rb

Revert "Change db/schema.rb"

This reverts commit a5d492f738b839b165dd7e3fff5f02bedb9aabab.

JSON has been the default serializer since Rails 4.1. Hybrid
serializer was meant to allow backward compatibility when
upgrading pre-Rails 4.1. It's been some time since we upgraded
to Rails 4.1 so now we don't need the hybrid serializer anymore.
This also causes security concerns since the previous serializer
was Marshal.

- Fix specs for lograge

- Fix specs
- Don't initialize db metrics for logger
- Dont log db count in lograge if there is no db_duration_s

See https://gitlab.com/gitlab-org/gitlab/-/issues/220321

Adding changelog entry

This commit adds a warning when dev adds a new secret

When a user leaves the team add the option to unassign them from any
issues or merge requests within that team either either at project or
group level

Going forward, we will generate CSRF tokens using Rails 6.0.3.1.
Unblocks any future Rails upgrades

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Adds a new controllers for handling raw snippet
data for multiple-file snippets (personal and project)

Inconsistencies build up over time in the project_authorizations table.
To avoid too many invalid entries,
AuthorizedProjectUpdate::UserRefreshWithLowUrgencyWorker jobs are
scheduled for each user weekly.

This MR exposes a new endpoint to improve the performance of our
junit feature. We are now able to read data from the database
instead of parsing and loading all reports in memory.

This reverts merge request !34504

This reverts merge request !25566

Previously the Devise error message that was displayed to users with
un-confirmed email addresses was so brief that it confused users. This
expands the message to explain what the user should do next.

This removes the monkeypatch for Rails optimistic locking by setting the
relevant rows to be NOT NULL and then removing the extra code.

In past commits we've migrated the data and set defaults for all columns

See https://gitlab.com/gitlab-org/gitlab/-/issues/220321

Currently each object type has its own section in gitlab.yml. For
example:

```
  artifacts:
    path: tmp/tests/artifacts
    enabled: true
    object_store:
      enabled: false
      remote_directory: artifacts # The bucket name
      background_upload: false
      connection:
        provider: AWS
        aws_access_key_id: AWS_ACCESS_KEY_ID
        aws_secret_access_key: AWS_SECRET_ACCESS_KEY
        region: us-east-1
```

External diffs, LFS, uploads, packages, etc. all have similar
independent configuration object storage sections. While this redundancy
makes it possible to configure each bucket with different providers or
credentials, this causes a configuration explosion that makes GitLab
hard to manage.

This change preserves the legacy format but adds a new `gitlab.yml`
section that enforces a single, common object storage provider for all
object storage types. This will make it possible for the S3 client in
Workhorse to operate with one credential and simplify the configuration
for the end user. An example config:

```
  object_store:
    enabled: true
    connection:
      provider: AWS
      aws_access_key_id: AWS_ACCESS_KEY_ID
      aws_secret_access_key: AWS_SECRET_ACCESS_KEY
      region: us-east-1
    proxy_download: true
    objects:
      artifacts:
        bucket: artifacts
        proxy_download: false
      external_diffs:
        bucket: external-diffs
      lfs:
        bucket: lfs-objects
      uploads:
        bucket: uploads
      packages:
        bucket: packages
      dependency_proxy:
        bucket: dependency_proxy
```

Note that:

1. The consolidated config only gets used if `object_store` is NOT
   defined within the types themselves.
2. A bucket needs to be defined for each object type.
3. Only bucket, enabled, and proxy_download can be overridden from the
common configuration.

Consolidating support for a single bucket for all types is a larger and
more involved change.

First step of https://gitlab.com/gitlab-org/gitlab/-/issues/23345

This reverts merge request !34249

Three guards have been added:
1. The service used by the worker will not raise an error
upon receiving an invalid regex but it will return an error
response
2. The expiration container policy will not schedule the
next run for the given container expiration policy if it is
valid. In addition, the given container expiration policy
will be disabled
3. Added a new UntrustedRegexp validator for Grape APIs.
This one has been used in `API::ProjectContainerRepositories` to prevent
enqueuing a job with invalid regex

- introduce new_import_ui feature flag
- implement specialized serializers

Replace openid_connect_signing_key with the new ci_jwt_signing_key when
generating CI_JOB_JWT.

This also implements /-/jwks endpoint instead of delegating to
Doorkeper. Response will still include openid_connect_signing_key for
seamless rollout.

Related to https://gitlab.com/gitlab-org/gitlab/-/issues/214607.